General
Target: 6fba36f968c9172ca0eb8f74a9a071488ab7ba8b3893619945c669c618c296a6
Size: 2.8MB
Sample: 220511-c86ggseac8
MD5: 891255ea3e3fca9af61b4c0eb48b8292
SHA1: 2325435aee0b456092b16f817d81fd1c8b320e3a
SHA256: 6fba36f968c9172ca0eb8f74a9a071488ab7ba8b3893619945c669c618c296a6
SHA512: 9a5fa2dff01938e096be0be09538577528c1733f859aebbd33b782d6346808eb16c5f620804e0cf29519c8c5c4303b8b9cb48f41ab0fffef1dc9c5c5171858c1

Static task
static1

Behavioral task
behavioral1
Sample: 6fba36f968c9172ca0eb8f74a9a071488ab7ba8b3893619945c669c618c296a6.exe
Resource: win7-20220414-en

Behavioral task
behavioral2
Sample: 6fba36f968c9172ca0eb8f74a9a071488ab7ba8b3893619945c669c618c296a6.exe
Resource: win10v2004-20220414-en
Malware Config

Targets
Target: 6fba36f968c9172ca0eb8f74a9a071488ab7ba8b3893619945c669c618c296a6
Size: 2.8MB
MD5: 891255ea3e3fca9af61b4c0eb48b8292
SHA1: 2325435aee0b456092b16f817d81fd1c8b320e3a
SHA256: 6fba36f968c9172ca0eb8f74a9a071488ab7ba8b3893619945c669c618c296a6
SHA512: 9a5fa2dff01938e096be0be09538577528c1733f859aebbd33b782d6346808eb16c5f620804e0cf29519c8c5c4303b8b9cb48f41ab0fffef1dc9c5c5171858c1
Score: 10/10

- BitRAT Payload
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Suspicious use of SetThreadContext